...
  • 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>LIPIcs : Leibniz International Proceedings in Informatics >Vulnerability Analysis and Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Systems
【24h】

Vulnerability Analysis and Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Systems

机译:基于时间触发系统定向定时推断的漏洞分析及减轻

获取原文
   

获取外文期刊封面封底 >>

       
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Much effort has been put into improving the predictability of real-time systems, especially in safety-critical environments, which provides designers with a rich set of methods and tools to attest safety in situations with no or a limited number of accidental faults. However, with increasing connectivity of real-time systems and a wide availability of increasingly sophisticated exploits, security and, in particular, the consequences of predictability on security become concerns of equal importance. Time-triggered scheduling with offline constructed tables provides determinism and simplifies timing inference, however, at the same time, time-triggered scheduling creates vulnerabilities by allowing attackers to target their attacks to specific, deterministically scheduled and possibly safety-critical tasks. In this paper, we analyze the severity of these vulnerabilities by assuming successful compromise of a subset of the tasks running in a real-time system and by investigating the attack potential that attackers gain from them. Moreover, we discuss two ways to mitigate direct attacks: slot-level online randomization of schedules, and offline schedule-diversification. We evaluate these mitigation strategies with a real-world case study to show their practicability for mitigating not only accidentally malicious behavior, but also malicious behavior triggered by attackers on purpose.
机译:已经提高了实时系统的可预测性,特别是在安全关键环境中的努力,这为设计师提供了丰富的方法和工具,以证明没有或有限的意外断层的情况。然而,随着实时系统的连通性和越来越复杂的利用,安全性以及尤其是越来越复杂的利用,安全性以及对安全性的影响成为同等重要的担忧。与脱机构造的表的时间触发调度提供了确定性并简化了定时推断,但是,同时,时间触发的调度通过允许攻击者将其攻击攻击到特定,确定的规定和可能的安全关键任务来创建漏洞。在本文中,我们通过假设在实时系统中运行的任务子集的成功妥协并通过调查攻击者从中获得的攻击潜力来分析这些漏洞的严重性。此外,我们讨论了两种方法来缓解直接攻击:时刻表的插槽级在线随机化和离线时间表多样化。我们评估了这些缓解策略,具有真实的案例研究,以表明他们不仅会减轻意外恶意行为的实用性,而且攻击者故意触发的恶意行为。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号